CAN-SPAM Compliance

The CAN-SPAM Act of 2003 (15 U.S.C. 7701, et seq., Public Law No. 108-187, was S.877 of the 108th United States Congress), signed into law by President George W. Bush on December 16, 2003, establishes the United States' first national standards for the sending of commercial email and requires the Federal Trade Commission (FTC) to enforce its provisions. The acronym CAN-SPAM derives from the bill's full name: Controlling the Assault of Non-Solicited Pornography And Marketing Act of 2003. This is also a play on the usual term for unsolicited email of this type, spam. The bill was sponsored in Congress by Senators Conrad Burns and Ron Wyden.

The law required the FTC to report back to Congress within 24 months of the effectiveness of the act. No changes were recommended. It also requires the FTC to promulgate rules to shield consumers from unwanted mobile phone spam. On December 20, 2005 a detailed report to Congress on the effectiveness of the act indicated that the volume of spam has begun to level off, and due to enhanced anti-spam technologies, less is reaching consumer inboxes. A significant decrease in sexually-explicit email was also reported. However, this progress is most likely attributed to improved technologies, not to the law.

Because the CAN-SPAM Act of 2003 authorizes a USD 11,000 penalty per violation for spamming each individual recipient, many commercial email marketers within the United States utilize a service or special software that helps ensure compliance with the Act. Email Director is 100% CAN-SPAM Act Compliant. A variety of older systems exist which do not ensure compliance with the Act. To comply with the Act's regulation of commercial email, services typically: require users to authenticate their return address and include a valid physical address, provide a one-click unsubscribe feature, and prohibit importing lists of purchased addresses that may not have given valid permission.

CAN-SPAM defines a "commercial electronic mail message" as "any electronic mail message the primary purpose of which is the commercial advertisement or promotion of a commercial product or service (including content on an Internet website operated for a commercial purpose)". It exempts "transactional or relationship messages". The FTC issued final rules (16 C.F.R. 316) clarifying the phrase "primary purpose" on December 16, 2004. Previous state laws had used bulk (a number threshold), content (commercial), or unsolicited to define spam.

Commercial by many industry standards is defined by a combination of the content in the subject line and "above the fold content" in the body of the message. If this content contains a solicitation and it can be determined that the majority of the content is selling something, it is a commercial offer.

If the subject line and body content are majority invoicing information, a sales receipt, account information, etc. the offer is considered transactional. Note that an offer or advertisement can be placed in a transactional message so long as it is placed in a non-prominent position. Many in the email marketing industry utilize the 80/20 rule to define commercial vs. transactional email in order to be clearly in either category.

The bill permits email marketers to send unsolicited commercial email as long as it adheres to 3 basic types of compliance defined in the CAN-SPAM Act: unsubscribe, content and sending behavior compliance:

► Content Compliance
► Unsubscribe Compliance
► Sending Behavior Compliance

There are no restrictions against a company emailing its existing customers or anyone who has inquired about its products or services, as this constitutes a "prior relationship" under CAN-SPAM.

If a user opts out, a sender has ten days to cease sending and can only use that email address for compliance purposes. The legislation also prohibits the sale or other transfer of an email address after an opt-out request. The law also requires that the unsubscribe mechanism "must be able to process opt-out requests for at least 30 days".

Use of automated means to register for multiple email accounts from which to send spam compound other violations. It prohibits sending sexually oriented spam without the label later determined by the FTC of "SEXUALLY EXPLICIT". This label replaced the similar state labeling requirements of "ADV:ADLT" or "ADLT".

CAN-SPAM makes it a misdemeanor to send spam with falsified header information. A host of other common spamming practices can make a CAN-SPAM violation an "aggravated offense," including harvesting, dictionary attacks, IP address spoofing, hijacking computers through Trojan horses or worms, or using open mail relays for the purpose of sending spam.

SPAM Definitions

Unsolicited commercial email (UCE) is just what it sounds like: an email message that you receive without asking for it advertising a product or service. This is also called junk email.

Unsolicited bulk email (UBE) refers to email messages that are sent in bulk to many recipients. UBE may be commercial in nature, in which case it is also UCE. But it may be sent for other purposes as well, such as political lobbying or harassment.

Make money fast (MMF) messages, often in the form of chain letters or multi-level marketing schemes, are messages that suggest you can get rich by sending money to the top name on a list, removing that name, adding your name to the bottom of the list, and forwarding the message to other people. Some also advocate reposting the message to hundreds of newsgroups. MMF messages are considered lotteries in the United States and are illegal. They're also extremely common.

Reputation attacks are messages that appear to be sent from one person or organization, but are actually sent from another. The purpose of the messages isn't to advertise a particular service or product, but to make the recipients of the message angry at the apparent sender. The nastiest reputation attacks include the actual email addresses, phone numbers, and street addresses of the victim or victims. Reputation attacks constitute wire fraud, since they use forged addresses, and are illegal.

One more step in the right direction

Report suspicious messages to the U.S. Federal Trade Commission.

You can also help stop spammers by sending a copy of unlawful messages to the Federal Trade Commission at or file a complaint with the FTC.